Home Hardware Unlocking Hardware Virtualization for Cloud Native Deployments

Unlocking Hardware Virtualization for Cloud Native Deployments

Updated on Mar 27,2024

Unlocking Hardware Virtualization for Cloud Native Deployments

Introduction
The Cloud Native Ecosystem
Catacontainers 2.0
Cloudvisor
How Containers are Managed with Kubernetes
Catacontainers in the Container Runtime Landscape
Components of Catacontainers
- 7.1 Cata Agent
- 7.2 Virtualization Layer
- 7.3 Cata Monitor
- 7.4 Image Fetching
- 7.5 Runtime Shim API
Overhead and Performance Considerations
Trust Model and Security
Future Directions and Features
Conclusion

Introduction

👋 Welcome everyone to this virtual session! My name is Samuel Ortiz and today I will be talking about the cloud native ecosystem and how we are working to make hardware virtualization a cheap commodity for cloud native deployments. Specifically, I will be discussing two projects: Catacontainers 2.0 and Cloudvisor, and their role in this endeavor. As an employee at Intel, I am directly involved in the development of these two projects, so let's dive in!

The Cloud Native Ecosystem

The cloud native ecosystem has revolutionized the way we build and deploy applications. With the rise of containerization and orchestration frameworks like Kubernetes, developers can now create highly scalable and portable applications that can run across different cloud environments. However, there are still challenges to overcome, especially when it comes to the efficient utilization of hardware virtualization.

Catacontainers 2.0

Catacontainers 2.0 is an enhancement of the previous Catacontainers project, which aims to provide hardware virtualization as a container isolation layer. In Catacontainers 2.0, instead of running containers as processes on the host, a virtual machine (VM) is created using a hypervisor or VMM (Virtual Machine Manager). This VM hosts the container workloads, providing stronger isolation and security compared to traditional containerization.

Pros

Stronger isolation through hardware virtualization.
Enhanced security for container workloads.
Compatibility with Kubernetes and existing container runtimes.

Cons

Overhead due to the additional components and complexity.
Potential compatibility issues with existing container specifications designed for running processes on the host.

Cloudvisor

Cloudvisor is a lightweight hypervisor that supports Catacontainers and other container runtimes. It is designed to provide seamless integration with Kubernetes and the entire cloud native ecosystem. Cloudvisor runs on top of KVM (Kernel-based Virtual Machine) and is based on the Upstream ROS VMM project. Compared to other hypervisors like QEMU, Cloudvisor offers better boot latency and has a smaller memory footprint.

How Containers are Managed with Kubernetes

Before we delve into the details of Catacontainers and Cloudvisor, let's quickly Recap how containers are managed and launched with Kubernetes. On each node, there is a kubelet agent that communicates with a CRI (Container Runtime Interface) runtime, which in turn calls into an actual container runtime. By default, the OCI (Open Container Initiative) standard runtime, such as runC, is used to create and manage containers within pods. These containers are isolated from the rest of the system using namespaces.

Catacontainers in the Container Runtime Landscape

Catacontainers introduce a new approach to containerization by utilizing hardware virtualization as an isolation layer. Instead of running containers as processes on the host, Catacontainers launch a virtual machine where the container workloads are managed by a Cata Agent. This virtual machine runs a full Linux guest OS, providing a higher level of isolation and security.

Components of Catacontainers

Catacontainers consist of several components that work together to provide hardware virtualization and container isolation. Let's discuss each of these components in detail.

7.1 Cata Agent

The Cata Agent is an agent running inside the virtual machine that manages the Pod and its workloads. It communicates with the Cata runtime using a specific protocol, such as gRPC or TTRPC, to ensure seamless integration and efficient management of the container workloads. With Catacontainers 2.0, the memory overhead of the Cata Agent has been significantly reduced from 10 megabytes to 1-2 megabytes, resulting in better resource utilization.

7.2 Virtualization Layer

The virtualization layer is provided by the hypervisor or VMM, such as Cloudvisor or QEMU. It creates a virtual machine where the pod is executed, and the Cata Agent manages the workloads within that virtual machine. This layer adds complexity and potential compatibility issues due to the use of hardware virtualization, but it offers stronger isolation and security for container workloads.

7.3 Cata Monitor

Cata Monitor is a component that monitors the entire set of containers running on a node. It integrates seamlessly with Prometheus and provides a comprehensive set of metrics from the hypervisor, Cata Agent, and the guest running inside the virtual machine. This allows for better observability and monitoring of container workloads.

7.4 Image Fetching

In traditional container setups, the container images are fetched from the host and then exposed to the virtual machine. However, with Catacontainers, there is an option to fetch the container images directly from inside the virtual machine. This extends the trust model, allowing tenants to run their workloads inside a VM without having to trust the CSP (Cloud Service Provider) or the host. This feature further enhances security and provides more control over the container environment.

7.5 Runtime Shim API

Catacontainers 2.0 introduces the Runtime Shim API v2, which simplifies the interaction between the CRI runtime and the Catacontainers runtime. This API allows for the use of a single long-standing daemon per pod instead of multiple shims for each container within the pod. This improves scalability, reduces complexity, and enhances security by minimizing the number of processes running on the host.

Overhead and Performance Considerations

When adopting Catacontainers and hardware virtualization, there are certain overheads and performance considerations to keep in mind. The overhead introduced by the additional components and the use of virtual machines may impact performance, especially for I/O-bound workloads. However, the performance impact varies based on the workload characteristics and the hypervisor used. It is essential to carefully consider and test the performance trade-offs before deploying Catacontainers in production.

Trust Model and Security

Catacontainers provide a stronger isolation layer and enhance security by leveraging hardware virtualization. Running containers inside a VM ensures that the host or CSP cannot see the internal workings or memory consumption of the container workloads. Furthermore, Catacontainers 2.0 introduces features such as image fetching from within the virtual machine, extending the trust model to protect container workloads from the CSP itself. This approach aligns with the growing need for confidential computing and enhances the security posture of cloud native deployments.

Future Directions and Features

The Catacontainers project is continuously evolving, with ongoing developments and future directions in mind. Some of the planned enhancements and features for Catacontainers 2.0 include improved observability through seamless integration with Prometheus, Simplified architecture and scalability through the Runtime Shim API v2, and the optional fetching of container images from within the virtual machine. These advancements aim to reduce overhead, enhance compatibility with Kubernetes, and provide a more secure and efficient container runtime solution.

Conclusion

In conclusion, Catacontainers 2.0 and Cloudvisor are valuable additions to the cloud native ecosystem, enabling hardware virtualization as a cost-effective commodity for container environments. While there are considerations regarding overhead, performance, and compatibility, Catacontainers offer stronger isolation, enhanced security, and flexibility for running workloads inside virtual machines. With ongoing developments and future features, Catacontainers is positioned to play a significant role in the future of containerization and cloud native deployments.

🎉 Thank you for joining this session, and I'm now ready to address any further questions!

Harnessing AI and Intel oneAPI to Address Climate Change

Analyzing and Manipulating Flight Data with Silk Plus

Most people like

Miro

AI innovation Workspace

ThumbnailCreator.com

AI tool for creating stunning YouTube thumbnails quickly.

Runable

Runable is a general AI agent that can execute any task, from building web apps, slides, reports, and documents to generating images, videos, and podcasts, all in one place. It doesn’t just create it connects. Runable integrates with thousands of your favorite apps so you can simply ask it to do the work for you.

Wollo.ai

AI character chat platform for creating, interacting with, and discovering lifelike AI personas.

Elser AI

All-in-one AI Studio for Character-consistent Anime Videos

Rekam AI-Your One-Stop Voice Creation Platform

All-in-one AI voice creation platform for text-to-speech, voice clone, and speech-to-text.

Gobii

Hire AI employees that automate your web workflows — built on a production-grade platform that runs 24/7 without the maintenance headaches.

ChatUp AI - Personal AI Chatbot for Free

Free AI chatbot, writing assistant, and character chat.

CrePal AI

All-in-one AI video agent that helps you create viral AI videos

Wondershare Filmora

AI video editor with tools for all skill levels and creative assets.

TokenHot

Unified LLM API gateway for 100+ models with up to 90% cost savings.

EverMemOS

Infinite memory. Persistent identity. Evolving intelligence. EverMemOS, powered by EverMind, is entering beta on the new cloud platform. The Memory Genesis Competition 2026 officially launches alongside it.

Free

Kumoo

Professional AI Portrait Retouching

Van Gogh Free Video Generator

AI video generator for artistic videos from text/images.

Tripo AI

AI-powered 3D model generator from images and text.

Claude Code中转站API

Stable domestic direct-connect proxy for Claude API with CNY payment and low latency.

Flowith

AI Creation Workspace for knowledge transformation and collaboration with AI models.

Diagrimo

AI-powered tool to turn ideas/text into clear diagrams & infographics.

Nextify AI

AI platform for generating high-performing ad creatives and UGC videos instantly.

X-Pilot

#1 AI Educational Videos Generator，Knowledge to Video in 1-Click

A2E Free and Uncensored AI Videos

Free and uncensored AI toolbox for creators including image-to-video, lip-sync, ai videos generator, AI avatars, voice clone, face swap and APIs.

Image Translator-

Advanced AI-powered image translation that preserves context and formatting. Translate text within images instantly with high accuracy across 130+ languages.

Vidu

Leading AI platform for converting text and images into high-quality videos.

Lufe AI Translator

AI-powered bilingual translation extension for web, PDF, and images.

Redesignr Ai - landing page builder and website redesign

AI platform for building landing pages, redesigning websites, and generating documentation.

PDF Translator

Professional AI-powered pdf document translation, supporting multiple languages, accurate and fast

Vidduo

AI video generator for low-cost, high-quality image-to-video and text-to-video.

AdpexAI

Unlimited Face Swap for Images & Videos | $0.01 for Every 10 Mins

FixArt AI: AI Video, AI Image

Free AI video & image generator with no sign-up, democratizing creativity.

Media.io

Free online AI tools for video, image, and audio generation.

Free

Alice

Alice is an AI assistant app for chatting with AI models and automating tasks.

JoyFun AI

Experience true creative freedom with JoyFun AI, the ultimate free and unlimited AI video generator. Instantly create stunning videos from text or images, perform realistic face swaps, and explore a suite of powerful AI video effects. No sign-up, no credit limits—just pure, uncensored creativity at your fingertips.

Rebolt

No-code AI platform to build apps and agents by speaking with AI.

Masonry AI

One prompt, every AI model: compare image and video generation across all platforms in a canvas

Dora Studio

AI Video Motion Graphics - Turn Text to Motion Video

Trickle

The world’s 1st agentic canvas where you can co-create with AI, visually, to ship production-ready apps & websites.

Ampere

Ampere let's you Deploy OpenClaw AI agents in 60 seconds with free managed hosting and $500 in Claude credits. No servers. No Docker. No DevOps.

Free

Magicboat AI

From Script to Screen: Create Consistent, Professional AI Short Films in Minutes.

Tyan AI

Tendem AI

Tendem is a new hybrid AI agent. It handles your tedious tasks combining the speed of AI with the judgment of human experts.

Wonderchat

AI Chatbot builder to create custom ChatGPT chatbots from website links or PDFs.

Limecube AI Website Builder

Limecube is an AI-powered website builder that helps you launch a polished, SEO-ready website faster — without needing design or technical skills. Generate pages and copy with AI, customise with a simple drag-and-drop editor, then publish with your own domain. Start with a free trial and get to “live” with confidence.

Noiz ai

AI Text to Speech, voice cloning, and emotional voice design tool.

Trooper.AI

Rent fast, private, affordable EU GPU servers for AI/ML.

heyfish.ai

HeyFish AI is an AI-powered UGC video ads platform that Create high-quality UGC-style video ads using single-person and dual-person AI digital humans, built-in ad templates, multi-language support, and 4K video output—optimized for TikTok, Meta, and YouTube.

Fabricate

AI app builder creating production-ready React apps from simple text descriptions.

CalBye

AI-powered nutrition app for instant calorie tracking and personalized diet coaching via meal photos.

Sugarbug

Workflow intelligence that connects your tools into a living knowledge graph.

Palabra.ai

Palabra.ai is a real-time AI speech translation platform for video calls, live events, broadcasting and API integrations, supporting 60+ languages with near-zero latency.

KiloClaw

Managed hosting for OpenClaw. Set up OpenClaw in seconds.

Cheetu AI

Your Lightweight Interpreter & AI Notetaker

Free

Pexo

Pexo is the AI video partner that meets you where you are.

Loamly

See who ChatGPT sends you — they convert 4x better

Jet Admin

No-code/AI platform for custom business apps and internal tools.

Lynote

Lynote is an all-in-one AI learning platform that checks originality with an AI detector,youtube transcript —more powerful features coming.

AdsTurbo

AI video ad generator that transforms product images and URLs into high-performing marketing creatives.

Floyo

Browser-based ComfyUI for easy workflow discovery, building, and running with zero setup.

Pine

AI Executive Assistant that Actually Executes!

Atlas Cloud

A unified, full-modal AI inference and model infrastructure platform for developers and creators.

FineVoice

FineVoice is a versatile AI voice generator. Instantly create high-quality, royalty-free voices, SFX, and music.

Kin AI

Emotionally intelligent and private personal AI companion for support and coaching.

Free

CometAPI

CometAPI is a one-stop large-model API aggregation platform that provides convenient and efficient API service integration and management. It is a complete set of tools that connects the entire API lifecycle, helping R&D teams implement best practices for API Design-first development., and helps make AI development easier.

Anyone.com

Anyone.com simplifies home buying and selling with transparency and AI-powered agent matching.

Free

Atera IT Autopilot

The first Autonomous IT solution built for IT teams facing growing demands

Tended.ai

AI-powered RFP automation platform to streamline tender processes and improve response times.

Pixwit

Pixwit.ai — AI Video & Image Creator That Brings Your Ideas to Life Pixwit.ai is an innovative AI‑powered creative platform designed to make professional video and visual content creation accessible to everyone — from content creators and marketers to storytellers and businesses. Whether you’re crafting short social media clips, dynamic product ads, animated avatars, or multi‑scene long‑form videos, Pixwit offers an all‑in‑one solution powered by cutting‑edge artificial intelligence. Pixwit At the heart of Pixwit is its suite of advanced AI video models, enabling users to turn text prompts or static images into stunning, high‑quality videos with just a few clicks. You can: ✨ Generate videos from text prompts — describe your idea and watch AI render it into vibrant visuals with synchronized audio and cinematic motion. Pixwit 🎨 Transform photos into animated sequences — upload images and let the platform animate them into rich, engaging video stories. Pixwit 📈 Create UGC ad reels and marketing clips tailored for social platforms with multiple aspect ratios and eye‑catching effects. Pixwit 🧑‍🎤 Generate AI avatar videos — bring selfies or portraits to life with expressive movement and lip‑sync animation. Pixwit 📽 Produce longer narrative videos — craft multi‑scene content with consistent characters and smooth transitions using conversational feedback. Pixwit Pixwit.ai combines multiple powerful AI models and creative tools in one centralized platform, eliminating the need to hop between separate apps or subscriptions. Its interface is built for ease of use — no advanced technical skills are required, and you can start creating immediately with free credits after signup. Pixwit From social media creators seeking viral content to professionals producing polished visual projects, Pixwit.ai unlocks a new era of creative freedom by letting artificial intelligence do the heavy lifting while you focus on ideas. Pixwit

Lovarank

AI-powered SEO automation for organic traffic growth.

AITextTune

Improve your text with AI in just one click! Correct any errors, improve clarity and flow… change the style! Generate summaries, explanations and translate texts in 25+ different languages. Use it on any tool or software you're writing on and in any language. Revolutionize your writing in an instant!

Maqnet AI

Promptless AI image and video generation platform with creative ideas and automatic content creation.

FridgeSnap.AI

AI tool turning fridge photos into chef-crafted recipes to save money and reduce waste.

CrawlChat

AI chatbot for documentation, support, and analytics.

EaseUS ChatPDF

all-in-one platform for productivity and creativity. From writing and research to AI image and video generation, it helps you work faster, learn smarter, and create stunning visuals with ease.

Free

DKnownAI Guard

DKnownAI Guard is a security API for AI agents. It detects prompt injection, jailbreak attempts, deceptive instructions, and high-risk operational intent before execution.

Nonverbia

Nonverbia turns video meetings into clear, actionable insights. We decode body language, attention, and speaking dynamics so sales teams know what landed, what missed, and what to do next.